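Login authentication example based on cookies and sessions
阿新 • Published: 2019-02-04
Login authentication example
A few things to know
There are three requests in total. Note: the form's action still points to /login/
First request: url: http://127.0.0.1:8080/login, GET request
Second request: url: http://127.0.0.1:8080/login, POST request with user and pasw
Third request: url: http://127.0.0.1:8080/index, POST request, now carrying the cookie
So the index page can read the cookie, because by this point the request to index already carries it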
in urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^login/', views.login),
    url(r'^index/', views.index),
]
in views.py
from django.shortcuts import render, redirect, HttpResponse
from app01 import models

# Create your views here.
def login(request):
    if request.method == "POST":
        print("所有請求資料", request.POST)
        username = request.POST.get("username")
        password = request.POST.get("password")
        # Look up the username and password in the database and compare them with what the user entered
        ret = models.UserInfo.objects.filter(username=username, password=password)
        if ret:  # if the username and password are both correct, the login succeeds
            print(request.COOKIES)  # {'csrftoken': '1EaTcdQlxdwtR0eXu4uDqEHElEpOlDRJoSAd7TfA7cBDxAyxADVPbIKaZk6J0DVB'}
            # HTTP is stateless: once this login request is done, the server no longer knows who logged in.
            # Anyone who knows your home page URL could then get in, and there would be no privacy.
            # This is where cookies come in
            obj = redirect("/index/")
            obj.set_cookie("islogin", True)  # set a cookie; note the arguments: the first is the key, the second is the value
            obj.set_cookie("haiyan", "344", 20)  # 20 is the expiry time (max_age, in seconds)
            obj.set_cookie("username", username)
            return obj
        else:
            return render(request, "login.html")
    else:
        return render(request, "login.html")

def index(request):
    is_login = request.COOKIES.get("islogin", None)  # read the cookie: its value if present, otherwise None
    if is_login:
        username = request.COOKIES.get("username")
        print(username)
        return render(request, "index.html", {"username": username})
    else:  # no value found, so the user stays on the login page and cannot get in
        return redirect("/login/")
in models.py
from django.db import models

class UserInfo(models.Model):
    username = models.CharField(max_length=32)
    password = models.CharField(max_length=32)
in login.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width">
    <title>使用者登入</title>
    <link rel="stylesheet" href="/static/bootstrap-3.3.7-dist/css/bootstrap.min.css">
    <script src="/static/bootstrap-3.3.7-dist/js/bootstrap.min.js"></script>
    <style>
        .c1{ margin-top: 100px; }
        .btn{ width: 130px; }
        .c2{ margin-left: 40px; }
    </style>
</head>
<body>
<div class="container">
    <div class="row">
        <div class="c1 col-md-5 col-md-offset-3">
            <form class="form-horizontal" action="/login/" method="post" novalidate>
                {% csrf_token %}
                <div class="form-group">
                    <label for="username" class="col-sm-2 control-label">使用者名稱</label>
                    <div class="col-sm-10">
                        <input type="email" class="form-control" id="username" placeholder="Email" name="username">
                    </div>
                </div>
                <div class="form-group">
                    <label for="password" class="col-sm-2 control-label">密碼</label>
                    <div class="col-sm-10">
                        <input type="password" class="form-control" name="password" id="password" placeholder="Password">
                    </div>
                </div>
                <div class="form-group">
                    <div class="col-sm-offset-2 col-sm-10">
                        <button type="submit" class="btn btn-primary">登入</button>
                        <button type="submit" class="btn btn-success c2">註冊</button>
                    </div>
                </div>
            </form>
        </div>
    </div>
</div>
</body>
</html>
in index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width">
<title>Title</title>
</head>
<body>
<h1>hello{{ username }}</h1>
</body>
</html>
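Cookies are stored on the client
Advantage: the data is stored on the client, which reduces load on the server and improves the site's performance
Disadvantage: security is weak; user session information is easy to view or crack on the client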
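The disadvantage above applies directly to the index view on this page, which trusts whatever `islogin` and `username` cookies the client sends. The following is an added example, not code from the original post: using only the Python standard library, it signs the cookie value with an HMAC so the server can reject values it did not issue, and compares that check with the page's original one. `SECRET_KEY`, `MAX_AGE`, the `auth` cookie name and all function names are assumptions made for illustration; Django offers the same idea through `set_signed_cookie` / `get_signed_cookie` and through server-side sessions.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: stand-in for a server-side secret
MAX_AGE = 20  # seconds; assumption, reuses the lifetime of the page's "haiyan" cookie

def _mac(username, ts):
    return hmac.new(SECRET_KEY, f"{username}:{ts}".encode(), hashlib.sha256).hexdigest()

def sign(username, now=None):
    """Build 'username:timestamp:mac', a value only the server can mint."""
    ts = int(time.time() if now is None else now)
    return f"{username}:{ts}:{_mac(username, ts)}"

def verify(value, now=None):
    """Return the username if the MAC matches and the value is fresh, else None."""
    try:
        username, ts, mac = value.rsplit(":", 2)
        age = (time.time() if now is None else now) - int(ts)
        ok = hmac.compare_digest(mac.encode(), _mac(username, ts).encode())
    except (AttributeError, ValueError):
        return None  # missing cookie or malformed value
    return username if ok and 0 <= age <= MAX_AGE else None

def index_original(cookies):
    """The check in the page's index view: any truthy 'islogin' is trusted."""
    return cookies.get("username") if cookies.get("islogin") else None

def index_hardened(cookies):
    """Hypothetical replacement: trust only a value this server signed."""
    return verify(cookies.get("auth"))

# Constructed cookie dicts, standing in for request.COOKIES
hand_written = {"islogin": "True", "username": "admin@example.com"}
issued = {"auth": sign("alice@example.com")}

if __name__ == "__main__":
    print(index_original(hand_written))  # accepted although no login took place
    print(index_hardened(hand_written))  # rejected: no server-signed value
    print(index_hardened(issued))        # accepted: server-issued and fresh
```

The signature only proves who issued the value; the username inside it is still readable on the client, so anything confidential belongs in a server-side session.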